Cyber espionage: Malware had been installed on hundreds of routers

Photo: A3602 Frank Rumpenhorst/dpa

Unit 26165 of the Russian Military Intelligence Service (GRU) has many names: “Fancy Bear”, “Sofacy Group”, “Pawn Storm” and “Sednit” are just a few of them. Another is “APT28”. The cyber warriors have been active worldwide since at least 2004. In Germany, the group became known to the general public in 2015 through the hacker attack on the Bundestag.

It is now known that German security authorities helped take down a computer espionage network run by Russian hackers in a US-led operation in January.

"We know what instruments Putin's criminal regime uses," said Federal Interior Minister Nancy Faeser (SPD). "Our actions show how serious the threat posed by Russian cyber attacks is - but also how we are arming ourselves against these threats." Affected devices could now no longer be misused for cyber espionage operations.

To build the botnet, malware was installed on hundreds of routers in offices and private households. The resulting network was used as a global cyber espionage platform, according to a statement from the US Federal Bureau of Investigation (FBI) and explanations from a spokesman for the Federal Ministry of the Interior.

According to the FBI, the hackers attacked routers that used publicly known default administrator passwords and then installed the malware on them.

Owners of the devices are “very likely” not a target

The German ministry spokesman said, citing the Federal Office for the Protection of the Constitution, that the hacker group had also used the international infrastructure to attack German targets over the past two years. "The focus of the attacks was on information about Germany's political-strategic orientation in connection with Russia and support deliveries of military goods for Ukraine." In addition, targets in other EU and NATO states were also attacked.

According to the FBI, the targets of the espionage activities were governments, militaries, security agencies and corporations in the USA and other countries. “In this case, Russian secret services have turned to criminal gangs to help them,” the US statement continues. The owners of the affected devices were "very likely not the actual target of the attacks," the ministry spokesman further explained.

chs/dpa